Or, better yet, set up a stored procedure in which you recieve the various parameters and then do things like check @investor for the presence of a semi-colon (;) and take various other preventitive measures (e.g. making sure that values are "reasonable"). Once you have scrubbed and established the reasonableness of the parameter values, you can using their values in the stored procedure's query statement to accomplish the same results as your dynamic SQL.

When you hear the word proxy, you may become apprehensive. This article will help you to understand Proxy and when it is useful.
Let's talk Proxy for SQL Server. (Not in terms of Internet access.) Typically, you'll run into this type of problem w…

Everyone has problem when going to load data into Data warehouse (EDW). They all need to confirm that data quality is good but they don't no how to proceed.
Microsoft has provided new task within SSIS 2008 called "Data Profiler Task". It solve th…